What happened to people just doing stuff for learning, for enhancement of knowledge, deep understanding..not a quick few hundred dollars.

I have to say though targetting WoW users is a pretty smart and unique vector, as quite a lot of money does come from Virtual sources, selling level 60 characters, selling certain items, selling information and so on.

A new password-stealing Trojan targeting players of the popular online game “World of Warcraft” hopes to make money off secondary sales of gamer goods, a security company warned Tuesday.

MicroWorld, an Indian-based anti-virus and security software maker with offices in the U.S., Germany, and Malaysia, said that the PWS.Win32.WOW.x Trojan horse was spreading fast, and attacking World of Warcraft players.

The trojan spreads through the normal VB virus of the week vectors (email, network etc), but specifically targets WoW accounts.

The Trojan spreads via traditional vectors, such as e-mail and peer-to-peer file sharing, added Rammurthy, but it has also been watched while it installs in a drive-by download from gaming sites’ pop-up ads. The surreptitious installation is accomplished by exploiting various vulnerabilities in Microsoft’s Internet Explorer Web browser.

Now this is a VERY interesting project, as I’ve always said the majority of DoS attacks and DDoS attacks (90%+) could be stopped if all the ISP’s null routed packets which DO NOT originate from IP blocks they own, e.g. spoofed packets.

Basically the project has been established to see if you can spoof IP packets or not, and what percentage of ISPs already drop the packets.

It seems in general about 20-25% of systems are able to spoof packets.

The classic design tenets of Internet architecture produced a network capable of remarkable scalability while relegating security to the end hosts. As a result, the public Internet includes no explicit notion of authenticity and will forward packets with forged headers. Malicious users capitalize on the ability to spoof” source IP addresses for anonymity, indirection, targeted attacks and security circumvention. Compromised hosts on networks that permit IP spoofing enable a wide variety of attacks. Despite being first exploited over two-decades ago, IP spoofing is a persistent problem and a continued threat. In addition to mounting spoofed-source bandwidth-based denial-of-service (DoS) attacks, new exploits utilizing IP spoofing surface regularly.

Some may suspect the project and the software involved is somewhat nefarious, but oh well, if you are going to get r00ted by someone, let it be MIT ok? Anyway you can always run it in a sandbox or in a fresh VMware machine.

It seems the faith in Microsoft from the security industry is at an all time low, not surprising really with the amount of flaws that have been coming out in both the OS and the crapware forced upon its users like Internet Explorer Exploder.

Anti-virus firms at Infosec say they expect Vista and IE7 to change nothing for the industry. Microsoft used its presence at the show to laud the security features they’ve been busy building in the the upcoming software.

In particular, Microsoft was eager to talk about how Vista will finally jettison the need to run Windows as an administrator most of the time.

Basically what they are saying is, your mom, your gran and anyone else technically unsavvy is still going to be subjected to huge risks, even if they upgrade to Vista. Nothing is going to change in essence.

Eugene Kaspersky, founder of the eponymous Russian AV outfit said he expects the new privilege regime to have little effect. He said: “Of course they [virus writers] will find a way round it. Within a year there will be something like a rootkit for Vista.”

John Kay, Chief Technical Officer at Blackspider reckons on a “bug per line of code”. With the traditionally Heath-Robinsonian construction of MS browsers he’s not hopeful for IE7. He said: “I dread to think how many lines of code there are in there.”

1 bug per line of code? Amazingly bad, but I don’t think it would be quite so terrible. Even so, the people in the know say Windows is the worst hodge podge of spaghetti coding they’ve ever seen. It was pretty much confirmed when the Win2k & NT4 source code leaked out.

Let’s all stick to *nix & Open Source hey, but then that’s not perfect either. At least it’s improving at a rate of knots…I’m just waiting for Firefox to have a decent Bookmark manager ;)

An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System (X11) which is used in Unix and Linux systems. A missing parentheses in a bit of code is to blame. The error can grant a user root access, and was discovered using an automated code-scanning tool.

Medusa was developed on Gentoo Linux and FreeBSD. Some limited testing has been done on other platforms. If people wish to contribute patches to fix portability issues, I’d be happy to accept them. There are probably lots of bugs which have yet to surface. Please let me know if you encounter issues, fix a bug or just find the application useful.

Well the original Gouki(also known as Akuma) is a character from the Street Fighter game series. I started using this handle approximately 10 years ago, when I was a big fan of the game.

My name is Tiago, and I’m a 20-something geek living in Portugal (all over the place).

I am interested in Information Security and everything related to GNU/Linux. I consider myself a free culture activist and free software supporter. I’m involved in the FSF, the GNU project, I do a lot of tracing and editing on the Open Street Map project and I do all sorts of contributions to the Ubuntu GNU/Linux distribution.

I also use a fair part of my free time working on the Tor Project, where I’m the core translator off all projects under Tor to Portuguese, run several relay nodes and one bridge node. I also keep a server with hidden services up and running for people on the .onion land.

During the day, I maintain my own small business dealing mostly with disaster recovery, teach LPI (I’m LPIC-3 and UCP-1 certified) and CompTia (A+, Network+, Security+ and Linux+ certified) courses and maintain a few Drupal/Wordpress websites for clients. Basically doing what I can to pay the bills.

My posts on Darknet will, obviously, be related to Information Security with special interest on Wireless, Linux kernel and general news.

Switchback? For the worst? Aww Microsoft would never compromise our security for the sake of convenience or their profit line right?

Microsoft has shelved plans to include native support for RSA’s SecurID tokens in Windows Vista, even though the company has been trialling the technology for almost two years.

In February 2004, Microsoft chairman Bill Gates announced that Windows would be able to support easy integration with RSA Security’s ubiquitous SecurID tokens, which meant that enterprises would find it far easier to deploy a two-factor authentication system for logging on to networks and applications.

However, almost two years after the SecurID beta programme kicked off, the chief executive of RSA Security Art Coviello has revealed that Windows Vista will not natively support the technology.

Yeah, you read it right, Vista will not support SecurID. Shame really it opened up a whole load of new capabilities.

Microsoft had said they would include the ability to support all kinds of One Time Password (OTP) and challenge response type authentication in Vista but they were unable to get it in with all the other issues they have had — so it is going to take longer

Pretty interesting and imaginative way to exploit the flaw in IE…yeah I know linked to ActiveX again, all the more reason to use Firefox right?

It just shows that the browser really is a point of entry, this could be useful for a penetration test, another way to show how easy it is to get in via internet explorer, the frequency with which IE exploits have been coming out recently is scarier than normal.

A particular scenario was identified that involved the exploitation of the modal ActiveX prompt delivered by some systems. The user is asked to type a certain string of characters (ala captcha). A prompt will be displayed (hopefully during the time the user is typing the string) to install the Microsoft Surround Video Control.

If you’re still typing the “captcha” when the prompt appears, you’ll install the control. This works as advertised against all systems EXCEPT Windows XP SP2 and Windows Server 2003 SP1. If the software you install hoses your box, just remember that it’s signed by Microsoft. In
other words… don’t look at me.

It just crashes IE for me, I’m not sure if it’s a null pointer or what, but I’m sure there’s some way to exploit it to take over the machine, it’s a another vulnerability, which usually can be mashed together with a couple of others to get complete control.